locked
cookie manipulation by server RRS feed

  • Question

  • I have an application that once someone has logged in sets some application cookies.  At certain points the application resets the maxAge to 1 so that the cookies will expire.  This works fine until I move the application behind the UAG.  Once the UAG is involved then then the cookies once set never receive the changes made at the server level and as a result the cookies don't expire as expected.  Is there some configuration change that needs to be done on the UAG trunk that will allow the changes made to the cookies at the server level (where they were initially created) to be sent back to the browser as happens when the UAG is not part of the equation?  thanks
    Friday, November 4, 2011 5:16 PM

All replies

  • Hi Michael,

    What you are saying does not make much sense.

    If the application initially can set the cookie with a specific expiration date, and later, set the same cookie with different expiration date, I see no reason for the first time to work and for the 2nd time to fail.

    Can you try capture some client side trace (Fiddler or HTTPWatch) and see the "set-cookie:" header coming via UAG?

    Maybe the UAG manipulate the cookie's name and the cookie you have is old one that was generated when you accessed the application directly. In this case, the "old" cookie will not be deleted, as the UAG change the cookie name.

    You can also try manually delete the browser's cookies and then test with only UAG and see if this works as expected.

    Ophir.

    Wednesday, November 9, 2011 1:20 PM